It doesn't need to spawn a new shell to allow root access. It
can just load a properly-linked shell into memory (not
calling execve), then jump to main.
Or it can not use a shell at all. Shells aren't special in any way.

True, shells aren't special. But if someone tries to smash the stack,
and the kernel protects against this (hypothetically), I think that it's
just another level of protection.

I'll agree with you there. If you can prevent buffer over-runs,
you can close a lot of holes.

The problem is, can you do it? St. Jude doesn't seem to. With
some of the other things suggested, you can stop many
return-address smashers. Still doesn't stop all buffer overflows
(e.g., smash data, cause unexpected behavior).

The goal, in my mind, is to take the "buffer overrun" out of the
hands of 99.9% of the attackers/script kiddies out there.

I doubt it matters too much if it just becomes harder. Once
someone does it (that 0.1% or whatever), they post it to the
'net and then the other 99.9% have it.

Of course, if you stop the buffer overflow, or reliably detect
it before harm occurs, then the security hole in effect no
longer exists.

<onsoapbox>
The descriptions of who and what an attacker is are, to me, beside
the point. I'll never understand why people want to put labels on
someone trying to do *bad* things to your box. I don't
care what kind of intelligence or expertise these jerks have -- to me,
they're equally appalling.

I think there has been a misunderstanding here. I'm classifying
them by the level of security they can break, i.e., how much of
a threat they are. I made no mention of the relative evil of the
two. Only of how much time, effort, and ability they can/will
expend against your machine.

You need to know what kind of attacker you will attract to
design proper security. A physical example is the difference
between your house, and a bank. Which is going to get attacked
by someone willing to spend two months studying how it works,
developing plans to avoid its security, etc.? Unless you're Bill
Gates, the answer is the bank. That's the dedicated attacker.

On the other hand, which gets hit by the guy looking for loose
windows, open doors, etc.? Probably not the bank. If he
fails ( == the doors are locked, the windows closed, someone is
home), he tries your neighbor. This is the script kiddie.

OTOH, I don't think all attackers should be treated equally by
the law. Just like trespass, vandalism, burglary, and armed
robbery aren't. It depends on how much harm you cause.

"That's illegal, how come if
someone tries to get into your computer, they aren't arrested?"
Hmmm... Mom has a good point.

Mainly due to lack of resources. Any idea how much it would have
cost to prosecute everyone who did a Nimda, Code Red, etc.
attack against one of my machines? I got an attack every few
minutes for a while. And how innocent most of those 'attackers'
were, since their machine had been zombied.

I think the bottom line is that we'll never have 100% security until
there are laws that protect the break-ins and hacking that occurs.

There are laws. Just no resources to enforce them.
Investigations are expensive, especially ones where you don't
have any suspects until you sift through hundreds of megabytes
of logs. Can't afford to pay an expert to do that for defacing
_Joe's Home Page_.
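The point raised earlier in this thread, that stopping return-address smashers still leaves overflows that "smash data, cause unexpected behavior", is easiest to see in code. The following is an added illustration, not code from anyone in the thread: a constructed record whose privilege flag sits directly after a fixed-size name buffer. The unbounded copy never touches a return address, so a return-address check has nothing to catch, yet the flag is overwritten; the hardened version rejects input that does not fit. The struct layout, function names and the 20-byte input are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size name followed by a privilege flag.
 * The layout is an assumption chosen so that an overflow of `name`
 * lands in ordinary data, not in a saved return address. */
struct record {
    char name[16];
    int  is_admin;   /* sits directly after the buffer */
};

/* Vulnerable pattern: copies as many bytes as the caller supplies.
 * The only missing check is against sizeof(r->name).  The write is
 * confined to sizeof(*r) purely so the demo stays well-defined C;
 * in real code it would spill into whatever memory follows. */
static void unsafe_set_name(struct record *r, const char *input, size_t len)
{
    unsigned char *dst = (unsigned char *)r;
    size_t limit = sizeof *r;          /* models "whatever follows the buffer" */
    for (size_t i = 0; i < len && i < limit; i++)
        dst[i] = (unsigned char)input[i];
}

/* Hardened version: refuse anything that does not fit, NUL included,
 * rather than silently truncating or spilling. */
static int safe_set_name(struct record *r, const char *input, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, input, len);
    r->name[len] = '\0';
    return 0;
}

/* Privilege flag after the unsafe copy of a constructed 20-byte name:
 * bytes 16..19 of the input land in is_admin, so it becomes 0x41414141. */
int demo_unsafe_flag(void)
{
    struct record r = { "", 0 };
    const char input[] = "AAAAAAAAAAAAAAAAAAAA";   /* 20 'A's, constructed */
    unsafe_set_name(&r, input, strlen(input));
    return r.is_admin;
}

/* Result of the hardened call on the same input; *flag receives is_admin,
 * which stays 0 because the copy was refused. */
int demo_safe_result(int *flag)
{
    struct record r = { "", 0 };
    const char input[] = "AAAAAAAAAAAAAAAAAAAA";   /* same constructed input */
    int rc = safe_set_name(&r, input, strlen(input));
    *flag = r.is_admin;
    return rc;
}

int main(void)
{
    int flag = 0;
    printf("unsafe copy: is_admin = 0x%x\n", demo_unsafe_flag());
    printf("safe copy:   rc = %d, is_admin = %d\n", demo_safe_result(&flag), flag);
    return 0;
}
```

The lesson for a reviewer is that the check belongs at the copy, against the size of the destination field; a stack-protection scheme that only verifies the return path on function exit is one layer, and this kind of data-only corruption passes straight through it.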